United States : 
Unknown Browser
www.ltdw.net 
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2008:084 ] - Updated rsync packages fix vulnerability
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2008:084 ] - Updated rsync packages fix vulnerability
| [Security Announce] [ MDVSA-2008:084 ] - Updated rsync packages fix vulnerability |
 |
 |
 |
(0 Votes)| Écrit par Administrator |
| Samedi, 12 Avril 2008 22:12 |
|
 _______________________________________________________________________   Mandriva Linux Security Advisory                        MDVSA-2008:084  http://www.mandriva.com/security/  _______________________________________________________________________   Package : rsync  Date   : April 11, 2008  Affected: 2007.0, 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0  _______________________________________________________________________   Problem Description:   Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attakcer could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash (CVE-2008-1720).   The updated packages have been patched to correct this issue.  _______________________________________________________________________  References:   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720  _______________________________________________________________________ Updated Packages:   Mandriva Linux 2007.0:  015dee0e8b724a60a702aac81194128b 2007.0/i586/rsync-2.6.9-5.2mdv2007.0.i586.rpm  da32538186f22095454d5fd905c43f18 2007.0/SRPMS/rsync-2.6.9-5.2mdv2007.0.src.rpm  Mandriva Linux 2007.0/X86_64:  6c40f172781c4b6e8e29afea66eceda5 2007.0/x86_64/rsync-2.6.9-5.2mdv2007.0.x86_64.rpm  da32538186f22095454d5fd905c43f18 2007.0/SRPMS/rsync-2.6.9-5.2mdv2007.0.src.rpm  Mandriva Linux 2007.1:  c9ca16a3e8d078ff91544bed44adf29a 2007.1/i586/rsync-2.6.9-5.2mdv2007.1.i586.rpm  e2fd457f3d5b29d2e0ff2e90103edf52 2007.1/SRPMS/rsync-2.6.9-5.2mdv2007.1.src.rpm  Mandriva Linux 2007.1/X86_64:  04f27441429d634ac818987560a4c84b 2007.1/x86_64/rsync-2.6.9-5.2mdv2007.1.x86_64.rpm  e2fd457f3d5b29d2e0ff2e90103edf52 2007.1/SRPMS/rsync-2.6.9-5.2mdv2007.1.src.rpm  Mandriva Linux 2008.0:  a94efaeca944875ae05ae4ed6258db87 2008.0/i586/rsync-2.6.9-5.2mdv2008.0.i586.rpm  9b325b104fc1b0252103c1fd7d92b64e 2008.0/SRPMS/rsync-2.6.9-5.2mdv2008.0.src.rpm  Mandriva Linux 2008.0/X86_64:  c1345a5a22eb0b15dc7975cb39ae75d3 2008.0/x86_64/rsync-2.6.9-5.2mdv2008.0.x86_64.rpm  9b325b104fc1b0252103c1fd7d92b64e 2008.0/SRPMS/rsync-2.6.9-5.2mdv2008.0.src.rpm  Mandriva Linux 2008.1:  303269d032057cf2188daa61c5a9514e 2008.1/i586/rsync-3.0.2-0.1mdv2008.1.i586.rpm  4d6d3d0908bd35a4151e9c05b848affc 2008.1/SRPMS/rsync-3.0.2-0.1mdv2008.1.src.rpm  Mandriva Linux 2008.1/X86_64:  de82c38e7c764990cd8cec60907af8d0 2008.1/x86_64/rsync-3.0.2-0.1mdv2008.1.x86_64.rpm  4d6d3d0908bd35a4151e9c05b848affc 2008.1/SRPMS/rsync-3.0.2-0.1mdv2008.1.src.rpm  Corporate 3.0:  0ec10ce483edb010b3fa914de3a249d5 corporate/3.0/i586/rsync-2.6.9-4.2.C30mdk.i586.rpm  03e2cc506c2df32dcecddfc005aaefe9 corporate/3.0/SRPMS/rsync-2.6.9-4.2.C30mdk.src.rpm  Corporate 3.0/X86_64:  242602d0ff175c4ef6a36bcf0f2fc544 corporate/3.0/x86_64/rsync-2.6.9-4.2.C30mdk.x86_64.rpm  03e2cc506c2df32dcecddfc005aaefe9 corporate/3.0/SRPMS/rsync-2.6.9-4.2.C30mdk.src.rpm  Corporate 4.0:  436bcca45d69c4ad6bd662c9554b21b3 corporate/4.0/i586/rsync-2.6.9-4.2.20060mlcs4.i586.rpm  59a9aacffd74793315403ea016e4cd80 corporate/4.0/SRPMS/rsync-2.6.9-4.2.20060mlcs4.src.rpm  Corporate 4.0/X86_64:  105b47b006fc912edb42fc5ff170b89a corporate/4.0/x86_64/rsync-2.6.9-4.2.20060mlcs4.x86_64.rpm  59a9aacffd74793315403ea016e4cd80 corporate/4.0/SRPMS/rsync-2.6.9-4.2.20060mlcs4.src.rpm  _______________________________________________________________________  To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.  All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98  You can view other update advisories for Mandriva Linux at:  http://www.mandriva.com/security/advisories  If you want to report vulnerabilities, please contact  security_(at)_mandriva.com  _______________________________________________________________________ 
|